
fix misc rest bugs

Jason Rivard 7 سال پیش
والد
کامیت
8042948f03

+ 9 - 1
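--- a/server/src/main/java/password/pwm/ws/server/RestServlet.java
+++ b/server/src/main/java/password/pwm/ws/server/RestServlet.java
@@ -343,9 +343,17 @@ public abstract class RestServlet extends HttpServlet
                 case json:
                 {
                     resp.setHeader( HttpHeader.ContentType.getHttpName(), HttpContentType.json.getHeaderValue() );
+                    final String formatParameter = request.getParameter( "format" );
                     try ( PrintWriter pw = resp.getWriter() )
                     {
-                        pw.write( restResultBean.toJson() );
+                        if ( "pretty".equalsIgnoreCase( formatParameter ) )
+                        {
+                            pw.write( JsonUtil.serialize( restResultBean, JsonUtil.Flag.PrettyPrint ) );
+                        }
+                        else
+                        {
+                            pw.write( restResultBean.toJson() );
+                        }
                     }
                 }
                 break;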
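Review bot: The `pretty` branch serialises the bean with `JsonUtil.serialize( restResultBean, JsonUtil.Flag.PrettyPrint )` instead of going through `restResultBean.toJson()`, so any field handling that `toJson()` performs (not visible in this hunk) is skipped whenever a caller adds `format=pretty`. If the two can differ, the shape of the response becomes caller-selectable; a single serialisation path that takes the flag would avoid that, or at least a comment such as `// must stay output-equivalent to RestResultBean.toJson() apart from whitespace`. The literals `"format"` and `"pretty"` could also become named constants, as this commit does for `FIELD_ANSWERS` and `FIELD_HELPDESK`. The enclosing method starts and ends outside the hunk.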

+ 13 - 10
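--- a/server/src/main/java/password/pwm/ws/server/rest/RestChallengesServer.java
+++ b/server/src/main/java/password/pwm/ws/server/rest/RestChallengesServer.java
@@ -77,6 +77,8 @@ public class RestChallengesServer extends RestServlet
 {
 
     private static final String FIELD_USERNAME = "username";
+    private static final String FIELD_ANSWERS = "answers";
+    private static final String FIELD_HELPDESK = "helpdesk";
 
     @Data
     public static class Policy implements Serializable
@@ -158,8 +160,8 @@ public class RestChallengesServer extends RestServlet
 
             throws PwmUnrecoverableException
     {
-        final boolean answers = restRequest.readParameterAsBoolean( "answers" );
-        final boolean helpdesk = restRequest.readParameterAsBoolean( "helpdesk" );
+        final boolean answers = restRequest.readParameterAsBoolean( FIELD_ANSWERS );
+        final boolean helpdesk = restRequest.readParameterAsBoolean( FIELD_HELPDESK );
         final String username = restRequest.readParameterAsString( FIELD_USERNAME, PwmHttpRequestWrapper.Flag.BypassValidation );
 
         try
@@ -248,7 +250,14 @@ public class RestChallengesServer extends RestServlet
     {
         final JsonChallengesData jsonInput = RestUtility.deserializeJsonBody( restRequest, JsonChallengesData.class );
 
-        final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername( restRequest, jsonInput.getUsername() );
+        final String username = RestUtility.readValueFromJsonAndParam(
+                jsonInput.getUsername(),
+                restRequest.readParameterAsString( FIELD_USERNAME, PwmHttpRequestWrapper.Flag.BypassValidation ),
+                FIELD_USERNAME,
+                RestUtility.ReadValueFlag.optional
+        );
+
+        final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername( restRequest, username );
 
         try
         {
@@ -296,13 +305,7 @@ public class RestChallengesServer extends RestServlet
     public RestResultBean processJsonDeleteChallengeData( final RestRequest restRequest )
             throws IOException, PwmUnrecoverableException
     {
-        final JsonDeleteInput jsonBody = RestUtility.deserializeJsonBody( restRequest, JsonDeleteInput.class, RestUtility.Flag.AllowNullReturn );
-
-        final String username = RestUtility.readValueFromJsonAndParam(
-                jsonBody == null ? null : jsonBody.getUsername(),
-                restRequest.readParameterAsString( FIELD_USERNAME ),
-                FIELD_USERNAME
-        );
+        final String username = restRequest.readParameterAsString( FIELD_USERNAME );
 
         return doDeleteChallengeData( restRequest, username );
     }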
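Review bot: After this change `processJsonDeleteChallengeData` takes `username` only from the query parameter, so a JSON body that still carries a username is silently ignored rather than rejected. If `doDeleteChallengeData` falls back to the authenticated identity when `username` is null (its body is outside the hunk), an existing client that sends the target in the body would delete a different user's stored responses than it intended. Consider failing the request when a body is present, or at least stating the contract with `// DELETE reads the target user from the 'username' query parameter only; any request body is ignored`. This read also omits `PwmHttpRequestWrapper.Flag.BypassValidation`, while the two other `FIELD_USERNAME` reads in this file pass it; one convention should apply to all three.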

+ 17 - 2
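--- a/server/src/main/java/password/pwm/ws/server/rest/RestFormSigningServer.java
+++ b/server/src/main/java/password/pwm/ws/server/rest/RestFormSigningServer.java
@@ -72,13 +72,28 @@ public class RestFormSigningServer extends RestServlet
         }
     }
 
-    @RestMethodHandler( method = HttpMethod.POST, produces = HttpContentType.json )
+    @RestMethodHandler( method = HttpMethod.POST, produces = HttpContentType.json, consumes = HttpContentType.json )
     private RestResultBean handleRestJsonPostRequest( final RestRequest restRequest )
             throws IOException, PwmUnrecoverableException
     {
-
         final Map<String, String> inputFormData = restRequest.readBodyAsJsonStringMap( PwmHttpRequestWrapper.Flag.BypassValidation );
+        return handleRestPostRequest( restRequest, inputFormData );
+    }
+
+    @RestMethodHandler( method = HttpMethod.POST, produces = HttpContentType.json, consumes = HttpContentType.form )
+    private RestResultBean handleRestFormPostRequest( final RestRequest restRequest )
+            throws IOException, PwmUnrecoverableException
+    {
+        final Map<String, String> inputFormData = restRequest.readParametersAsMap();
+        return handleRestPostRequest( restRequest, inputFormData );
+    }
 
+    private RestResultBean handleRestPostRequest(
+            final RestRequest restRequest,
+            final Map<String, String> inputFormData
+    )
+            throws PwmUnrecoverableException
+    {
         if ( !restRequest.getRestAuthentication().getUsages().contains( WebServiceUsage.SigningForm ) )
         {
             final String errorMsg = "request is not authenticated with permission for " + WebServiceUsage.SigningForm;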
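Review bot: The new form handler builds the map to be signed with `restRequest.readParametersAsMap()`, while the JSON handler reads its map with `PwmHttpRequestWrapper.Flag.BypassValidation`, so the same field values may be normalised differently before signing depending on the request's content type. If the no-argument overload applies the default input validation and also returns query-string parameters (neither is visible here), the signed payload can differ from what the client posted in the body. Pass the same flag in both handlers, or add a comment on `handleRestFormPostRequest` stating why the two reads differ. `handleRestPostRequest` continues past the end of the hunk.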

+ 19 - 1
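--- a/server/src/main/java/password/pwm/ws/server/rest/RestProfileServer.java
+++ b/server/src/main/java/password/pwm/ws/server/rest/RestProfileServer.java
@@ -23,6 +23,7 @@
 package password.pwm.ws.server.rest;
 
 import com.novell.ldapchai.exception.ChaiUnavailableException;
+import jetbrains.exodus.core.dataStructures.hash.LinkedHashSet;
 import lombok.Data;
 import password.pwm.PwmConstants;
 import password.pwm.config.PwmSetting;
@@ -61,8 +62,10 @@ import javax.servlet.annotation.WebServlet;
 import java.io.IOException;
 import java.io.Serializable;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 @WebServlet(
         urlPatterns = {
@@ -73,6 +76,8 @@ import java.util.Map;
 public class RestProfileServer extends RestServlet
 {
 
+    private static final String FIELD_USERNAME = "username";
+
     @Data
     public static class JsonProfileData implements Serializable
     {
@@ -191,7 +196,13 @@ public class RestProfileServer extends RestServlet
     )
             throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException
     {
-        final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername( restRequest, jsonInput.getUsername() );
+        final String username = RestUtility.readValueFromJsonAndParam(
+                jsonInput.getUsername(),
+                restRequest.readParameterAsString( FIELD_USERNAME ),
+                FIELD_USERNAME, RestUtility.ReadValueFlag.optional
+        );
+
+        final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername( restRequest, username );
 
         final String updateProfileID = ProfileUtility.discoverProfileIDforUser(
                 restRequest.getPwmApplication(),
@@ -225,15 +236,22 @@ public class RestProfileServer extends RestServlet
 
         final FormMap inputFormData = new FormMap( jsonInput.profile );
         final List<FormConfiguration> profileForm = updateProfileProfile.readSettingAsForm( PwmSetting.UPDATE_PROFILE_FORM );
+        final Set<String> attributesInRequest = new HashSet<>( inputFormData.keySet() );
         final Map<FormConfiguration, String> profileFormData = new HashMap<>();
         for ( final FormConfiguration formConfiguration : profileForm )
         {
             if ( !formConfiguration.isReadonly() && inputFormData.containsKey( formConfiguration.getName() ) )
             {
                 profileFormData.put( formConfiguration, inputFormData.get( formConfiguration.getName() ) );
+                attributesInRequest.remove( formConfiguration.getName() );
             }
         }
 
+        if ( !attributesInRequest.isEmpty() )
+        {
+            throw new PwmUnrecoverableException( PwmError.ERROR_REST_INVOCATION_ERROR, "unknown profile data field '" + attributesInRequest.iterator().next() + "'" );
+        }
+
         final UserInfo userInfo = UserInfoFactory.newUserInfo(
                 restRequest.getPwmApplication(),
                 restRequest.getSessionLabel(),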
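Review bot: In the last hunk a field that is present in the request but marked read-only in the form stays in `attributesInRequest`, because its name is removed only inside the `!formConfiguration.isReadonly() && ...` branch, and it is then reported as an `unknown profile data field`. Rejecting the write is the safe outcome, but the message is misleading; a comment such as `// anything left is either not in the profile form or is read-only` and the wording `"unknown or read-only profile data field '"` would match the behaviour. The reported name is caller-supplied and comes from `HashSet` iteration, so which field is named is not stable and the value should be treated as untrusted wherever the error detail is logged or returned. The added `import jetbrains.exodus.core.dataStructures.hash.LinkedHashSet;` is not used by any line in these hunks and looks accidental. The enclosing method starts and ends outside the hunk.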

+ 1 - 1
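--- a/server/src/main/java/password/pwm/ws/server/rest/RestVerifyResponsesServer.java
+++ b/server/src/main/java/password/pwm/ws/server/rest/RestVerifyResponsesServer.java
@@ -124,7 +124,7 @@ public class RestVerifyResponsesServer extends RestServlet
                     targetUserIdentity.getChaiUser()
             );
 
-            final boolean verified = responseSet.test( jsonInput.toCrMap() );
+            final boolean verified = responseSet != null && responseSet.test( jsonInput.toCrMap() );
 
             final RestResultBean restResultBean = RestResultBean.forSuccessMessage( verified, restRequest, Message.Success_Unknown );
 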
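Review bot: The null guard makes a missing `responseSet` produce the same `verified == false` result as wrong answers, which fails closed, but nothing at the call site says when the set can be null. A comment such as `// null responseSet (presumably no stored responses for this user) is treated as not verified` would record the intent for the next maintainer. The enclosing method starts and ends outside the hunk.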
 
 

+ 1 - 1
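--- a/server/src/main/webapp/public/reference/rest.jsp
+++ b/server/src/main/webapp/public/reference/rest.jsp
@@ -585,7 +585,7 @@ Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
                 <td class="key">Request</td>
         <td class="exampleTD">
 <pre>
-DELETE <pwm:context/>/public/rest/challenges HTTP/1.1
+DELETE <pwm:context/>/public/rest/challenges?username=user1234 HTTP/1.1
 Accept-Language: en
 Accept: application/json
 Content-Type: application/json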